• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

       

Phone record revelation
Published: 2006-01-24

The methods being used by companies selling phone records were revealed this week in an interview with a security consultant outlining the process. As anticipated, social engineering plays a large role -- the records are simply requested from the provider under the pretext that the caller is the owner of the records, hence the term "pretexting".

In order to obtain the information necessary to pull off a convincing imitation, details about the person are often needed. This is where the phone record companies turn to public data providers such as ChoicePoint and LexisNexis for enough information to build a profile on the individual, according to a Network World article.

This affiliation with legitimate data providers was not expected by many, and explains some of the ease and proficiency with which records are obtained. Another method mentioned was directly buying the information from insiders at phone companies -- with contacts being actively recruited via websites.

With all of the controversy surrounding the sale of phone records, some are wondering why pass-phrases are not being employed for account access at the major carriers. Fear of customers leaving due to account access hassles may have prevented this requirement in the past, but given the alternative, customers may be begging for an extra question to protect their privacy from now on.

Posted by: Peter Laborge

       

Expand all | Post comment